From: Eric Sesterhenn <snakebyte@gmx.de>
To: Chris Wright <chrisw@sous-sol.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
William Lee Irwin III <wli@holomorphy.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vegard Nossum <vegard.nossum@gmail.com>
Subject: Re: Redzone overwritten with CONFIG_SECURITY
Date: Wed, 28 May 2008 12:03:57 +0200 [thread overview]
Message-ID: <20080528100357.GA2510@alice> (raw)
In-Reply-To: <20080527174738.GZ30402@sequoia.sous-sol.org>
* Chris Wright (chrisw@sous-sol.org) wrote:
> * Pekka Enberg (penberg@cs.helsinki.fi) wrote:
> > On Mon, May 26, 2008 at 5:34 PM, Eric Sesterhenn <snakebyte@gmx.de> wrote:
> > > i enabled CONFIG_SECURITY on current git and get tons of
> > > Redzone overwritten errors during early boot, even
> > > with CONFIG_SECURITY_CAPABILITIES and CONFIG_SECURITY_NETWORK
> > > disabled. After a while it ends with a kernel panic
> > > saying: not syncing: Out of memory and no killable process...
> > > Root partition is ext3 format.
> >
> > So what kernel version is this and what's the last known version that
> > worked? As it's early boot crash, maybe you can try to do git bisect
> > on it?
> >
> > >
> > > At the moment i dont have a camera at hand, so i'll try
> > > to write down everything which looks interesting, please tell
> > > me if i missed something.
> > >
> > > The first 24 Bytes of the overwritten section contain
> > > zeros. Then we have a constant 0x18, and three changing
> > > values. the next three bites contain exactly the same
> > > values, first the 0x18, then the two changing ones.
> > >
> > > The only value i found so far matching the 0x18 and
> > > which might be related to CONFIG_SECURITY is CAP_SYS_RESOURCE
> > > defined in /include/linux/capability.h
> > >
> > > BUG hugetlbfs_inode_cache: Redzone overwritten
> > >
> > > INFO: 0xccd8e250-0xccd8e253. First byte 0x0 instead of 0xbb
> > > Info: Slab 0xc119d1c0 objects=12 used=0 fs=0xccd8e000 flags=0x400020c3
> > > Info: Object 0xccd8e00 offset=0 fp=0xccd8e280
> > >
> > > Object 0xccd8e00: 00 00 00 ...
> > > Object 0xccd8e10: 00 00 00 00 00 00 00 00 00 18 e0 d8 cc 18 e0 d8 cc
> > > Object 0xccd8e20 00 00 00 ...
>
> That looks like an addr within the object, like an INIT_LIST_HEAD.
>
> > > Pid: 1, comm:swapper Not tainted 2.6.26-rc3-00436-gb373303 #42
> > > print_trailer
> > > check_bytes_and_report
> > > check_object
> > > __slab_alloc
> > > kmem_cache_alloc
> > > ? hugetlbfs_alloc_inode
> > > ? hugetlbfs_alloc_inode
> > > hugetlbfs_alloc_inode
> > > alloc_inote
> > > new_inode
> > > hugetlbs_get_inote
> > > hugetlbfs_fill_super
> > > ? sget
> > > ? set_anon_super
> > > get_sb_node
> > > hugetlbfs_get_sb
> > > ? hugetlbfs_fill_super
> > > vfs_kern_mount
> > > kern_mount_data
> > > init_hugetlbfs_fs
> > > ? init_once
> > > ? kernel_init
> > > kernel_init
>
> ok, do_init_calls time frame with that config...CONFIG_SECURITY isn't
> really doing any allocations, nor much in the way of memory writes.
> It would get called into via the:
>
> hugetlbs_get_inode
> new_inode
> alloc_inode
> security_inode_alloc <-- and that'd be basically a no-op
>
> > > Config follows:
>
> I couldn't recreate with that config.
I did a fresh git-clone and tried again without being able
to reproduce this.
I diffed all .h and .c files and except for
the autogenerated ones they are exactly the same...
Is it possible that this was caused because a file didnt
get rebuild correctly? I can still reproduce it with the
old checkout. Sorry if this causes unessecary noise :(
Greetings, Eric
next prev parent reply other threads:[~2008-05-28 10:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-26 14:34 Redzone overwritten with CONFIG_SECURITY Eric Sesterhenn
2008-05-27 14:00 ` Eric Sesterhenn
2008-05-27 14:23 ` Vegard Nossum
2008-05-27 14:53 ` Eric Sesterhenn
2008-05-27 14:55 ` Pekka Enberg
2008-05-27 15:00 ` Pekka Enberg
2008-05-27 15:11 ` Eric Sesterhenn
2008-05-27 16:11 ` Eric Sesterhenn
2008-05-27 17:59 ` Pekka Enberg
2008-05-27 18:04 ` Christoph Lameter
2008-05-27 17:47 ` Chris Wright
2008-05-28 10:03 ` Eric Sesterhenn [this message]
2008-05-28 21:51 ` Chris Wright
2008-05-31 23:24 ` Chris Wright
2008-05-27 18:25 ` Pekka Enberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080528100357.GA2510@alice \
--to=snakebyte@gmx.de \
--cc=akpm@linux-foundation.org \
--cc=chrisw@sous-sol.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
--cc=vegard.nossum@gmail.com \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox